Network problems
kevin.j.lisciotti at jpmchase.com
kevin.j.lisciotti at jpmchase.com
Thu Apr 14 19:06:20 UTC 2005
|---------+------------------------------>
| | kevin.j.lisciotti at j|
| | pmchase.com |
| | Sent by: |
| | fedora-list-bounces|
| | @redhat.com |
| | |
| | |
| | 04/14/2005 02:58 PM|
| | Please respond to |
| | For users of Fedora|
| | Core releases |
| | |
|---------+------------------------------>
>--------------------------------------------------------------------------------------------------------------|
| |
| To: For users of Fedora Core releases <fedora-list at redhat.com> |
| cc: "'For users of Fedora Core releases'" <fedora-list at redhat.com>, |
| fedora-list-bounces at redhat.com |
| Subject: RE: Network problems |
>--------------------------------------------------------------------------------------------------------------|
|---------+------------------------------>
| | "Thomas E. Dukes" |
| | <edukes at alltel.net>|
| | Sent by: |
| | fedora-list-bounces|
| | @redhat.com |
| | |
| | |
| | 04/14/2005 02:49 PM|
| | Please respond to |
| | For users of Fedora|
| | Core releases |
| | |
|---------+------------------------------>
>--------------------------------------------------------------------------------------------------------------|
|
|
| To: "'Marc M'" <linuxr at gmail.com>, "'For users of Fedora
Core releases'" <fedora-list at redhat.com>|
| cc:
|
| Subject: RE: Network problems
|
>--------------------------------------------------------------------------------------------------------------|
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of Marc M
Sent: Thursday, April 14, 2005 1:38 PM
To: For users of Fedora Core releases
Subject: Re: Network problems
Are the lights on, on the switch's ports that you are using? Have you
rebooted the switch? Are you able to connect with other machines or
ports (say a laptop)? Is the light working on the nic? Cabling good?
If you have multiple nics you should stop/start them and see if you can
get one to work, sometimes one works when another won't. service network
stop, ifup eth0, ifup eth1, etc. Look at your dmesg and see whether it
finds your eth0 or eth1, that'd be nice to know....
If you are able to narrow it down to the one FC2 box (and within the os),
then I would say that lastly you should run a chkrootkit utility on the
box to see if you have been own3d.
I ran chrootkit and I found this:
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
Checking `lkm'... You have 12 process hidden for readdir command
You have 12 process hidden for ps command
Warning: Possible LKM Trojan installed
This looks like a problem!! What is bindshell? I did a locate but could
not find it installed. What do I need to do?
TIA
Cheers
Marc
It appears as though you have been hacked aka 0wn3d :) You better back up
your data and rebuild the system.
As a followup, can you telnet to the ports indicated, and what do you see?
More information about the fedora-list
mailing list